Ransomware operators may have given victims a slight respite over the summer, but this now seems to have come to an end as attacks rise once again, new research has suggested.
The Q2/2022 Threat Report from Avast claims the number of global ransomware attacks increased by almost a quarter (24%) in just three months (compared to Q1 2022).
The rise, coming after “months of decline”, was most felt on endpoints (opens in new tab) in Argentina (56% rise), the UK (55%), Brazil (50%), France (42%), and India (37%).
Conti disbands, sends shockwaves
Avast Malware Research Director, Jakub Kroustek, says there were two main reasons for the drop that occurred in Q4 2021 and Q1 2022: one being law enforcement agencies “busting” ransomware group members, and the other one being the war in Ukraine.
Although ransomware operators didn’t exactly replace keyboards with AK-47’s, their focus changed to help one, or the other, political agenda.
Conti, a major ransomware operator, was hit the hardest, Kroustek reminds, saying the group’s members and affiliates disagreed over Conti’s stance, resulting in a slowdown, and even a complete stop, of operations.
“Things dramatically changed in Q2/2022. Conti members have now branched off to create new ransomware (opens in new tab) groups, like Black Basta and Karakurt, or may join other existing groups, like Hive, BlackCat, or Quantum, causing an uptick in activity,” he concluded.
When the invasion of Ukraine first kicked off, Conti publicly stated its support for the Russian regime and threatened to retaliate against anyone who’d try to strike at the Russian government in cyberspace. This did not sit well with Conti’s affiliates, many of whom were Ukrainian. Soon enough, one hacker started leaking Conti’s source code, as well as private communications. In late May, Conti officially shut down, and its members joined numerous other ransomware groups.